Commit 532a5ff3 authored by Roy T. Fielding

When the top-level directory section for / was added for the sake
of performance and to allow automount symlinks to be followed, we
mistakenly opened access to the entire directory system by default.
I noticed this because all of the /~user directories are available
by default without any restrictions, which is a bad idea for anything
other than one server within a department of shared users.  However,
it also makes it easier to serve files anywhere on disk by mistake,
and makes other URI-handling bugs more severe than they would be
otherwise.  Therefore, this patch reinstates access control to deny
access to all files other than under DocumentRoot, icons, and manual,
until additional directory/locations are explicitly allowed by the admin.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100593 13f79535-47bb-0310-9956-ffa450edef68
parent 377f74d8
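
A config audit for the condition this commit message describes, as an added example that is not part of the commit or of httpd: it reports whether the `<Directory />` section denies access by default and which other directories are explicitly opened. The sample configs and the names `audit_root` and `strip_comments` are constructed for illustration; the directives matched are httpd's `Deny from all` / `Allow from all` and the newer `Require all denied` / `Require all granted`.

```python
import re

# Constructed sample config (not the commit's diff): root section with no access rule.
OPEN_ROOT = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/usr/local/apache2/htdocs">
    Order allow,deny
    Allow from all
</Directory>
"""
# Same constructed config with a default-deny rule added to the root section.
DENIED_ROOT = OPEN_ROOT.replace(
    "    AllowOverride None\n",
    "    AllowOverride None\n    Order deny,allow\n    Deny from all\n", 1)

# <Directory path> ... </Directory>; does not match <DirectoryMatch>.
SECTION = re.compile(
    r'^\s*<Directory\s+"?([^">]+?)"?\s*>\s*$(.*?)^\s*</Directory>',
    re.I | re.M | re.S)
DENY_ALL = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)
ALLOW_ALL = re.compile(r'^\s*(Allow\s+from\s+all|Require\s+all\s+granted)\s*$', re.I | re.M)

def strip_comments(conf):
    """Drop whole-line comments so commented-out sections are ignored."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))

def audit_root(conf):
    """Return (root_status, explicitly_allowed_dirs).

    root_status is 'denied' when a <Directory /> section denies everyone,
    'open' when the section exists without such a rule (httpd then grants
    access by default), and 'missing' when there is no root section at all.
    """
    sections = [(p.strip(), body) for p, body in SECTION.findall(strip_comments(conf))]
    root = [body for path, body in sections if path == "/"]
    if not root:
        status = "missing"
    elif any(DENY_ALL.search(b) for b in root) and not any(ALLOW_ALL.search(b) for b in root):
        status = "denied"
    else:
        status = "open"
    allowed = [path for path, body in sections if path != "/" and ALLOW_ALL.search(body)]
    return status, allowed

if __name__ == "__main__":
    for name, conf in (("open root", OPEN_ROOT), ("denied root", DENIED_ROOT)):
        print(name, audit_root(conf))
```

A result of `open` or `missing` means every path the server process can read is servable unless another section restricts it; the list of allowed directories is what an admin should expect to see limited to DocumentRoot, icons, and manual.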